Professional Documents
Culture Documents
1
bandwidth, consumer protection and network access
2. E-commerce models: [5]. Overcoming to these barriers, B2C become
Basically in the broad terms, there are two types of more effective and reliable to consumer. Although
commerce: traditional commerce and electronic consumer and merchant are not face-to-face meet
commerce [4]. In traditional commerce money flows but consumer have more options and have more
by hands of customer and merchant but in electronic solutions online.
commerce means flow of money electronic by using 2.3 Consumer-to-Consumer (C2C) model:
various electronic payment methods. This type of e-commerce is usually a form of an
2.1 Business-to-Business (B2B) model: auction site. The consumer lists items for sale with a
Business-to-Business form of e-commerce, is commercial auction site. Other consumers access the
experiencing an explosive growth rate on Internet. site and place bids on the items. The site then
Companies of all sizes and types are mutually provides a connection between the seller and buyer
buying and selling products and services on the to complete the transaction. The site provider
Internet. This model provides web-based usually charges a transaction cost. C2C refers a
technologies for all sizes of companies. This offers situation where both the seller and the buyer are
companies dynamic and exciting business consumer in an online transaction [4]. Given an
opportunities [5]. B2B also offers unique benefits individual’s lack of knowledge about others selling
such as less human intervention, less overhead online as well as the fact that a significant amount of
expenses, fewer inadvertent errors, more efficiency, money may be involved in a transaction, a major
more advertising exposure, new markets and new barrier to C2C e-commerce is likely to be a lack of
physical territories equate to an intelligent method trust in the seller [8].
of mutual business. It is a win-win situation for both 3. Need of secure e-commerce:
buyer and seller [14]. There are several reasons why electronic commerce
2.2 Business-to-Consumer (B2C) model: must have stronger requirement on security than
Business-to-Consumer form of e-commerce now traditional form of commerce [12].
comes out of its infancy stage. It is basically a 3.1 Internetworking of computer systems: Online
concept of online marketing and distributing of business has a lot of computer that are
products and services over the Internet. It is a interconnected to perform business transactions.
natural progression for many retailers or marketer Security on each connection requires a deep sight.
who sells directly to the consumer. The general idea Secure data and money transfer must be there.
is, if you could reach more customers, service them 3.2 Data repository: Storage of sensitive data in
better, and make more sales while spending less to repositories or databases makes e-commerce system
do it that would the formula of success for ideal target [10]. Hackers seem any target to data
implementing a B2C e-commerce infrastructure repositories due to availability of data on a single
[14]. Customer feels more trust on making place.
transactions online. Though consumer continues to
experiment online, business-related barriers must 3.3 Lack of forensic evidence: The lack of forensic
still be overcome-security, privacy, uncertainty, low evidence in computer makes detection, capture and
2
prosecution more difficult [10]. Regular auditing of interactions, accurate and reliable information is
system is essential for secure transactions. essential for online business on the Internet. The
3.4 No matter of distance: Computer crimes can be major concern must be over the security for make a
committed a thousand of miles from the held place. safe guard for online transactions. E-Commerce can
With the facility of internetworking of system, it is give a company a strong advantage over their
not hard to committing crimes without the barriers competitors while providing greater value and
of distance and time. comfort to its customers [1].
4. E-commerce barriers: There are a lot of factors 4.1 CIA Triad Model of security:
that prevents our move towards e-commerce. Some The confidentiality, integrity and availability on the
of them are [9]: Internet are the basic security concepts [11]. The
- Technology CIA triad model [13] describes
- Security issues Confidentiality
- Lack of trust
- Legal and Regularity issues
- Human resource issues. Integrity Availability
3
5. Security by Depth: Java Applets gain access to sensitive files on the
Security can be defined as term in which the users’ desktop. Java Applets are considered un-
information or data is stored in the system cannot be trusted code that must be carefully handled.
read or compromised by unauthorized users. Moreover there are other kinds of threats with
“Bad people do bed things.” Jeff Mallet, president concern to e-commerce security as (a) Unauthorized
of Yahoo!, Inc. made that observation in the access (b) Malicious code (c) Financial Fraud such
aftermath of the recent “hacker attack” that sent the as credit card fraud etc.(d) Denial-of-Service attacks
world’s largest electronic commerce sites reeling [9].
[16]. 6. Security solutions:
Threats to security: We can classified various technologies that are used
The online consumer uses the web browser as front- to prevent from stealing the confidential information
end to make a transaction. Web browser poses risks in online business [9] :
to the user’s security and privacy of the information. (a) Cryptographic technologies
The more risk arises when a user visits unknown (b) Access Control and authentication
web links that are un trusted, having the lack of protection
knowledge of these links. Sometimes uploading or (c) Virus protection tools
downloading of files may cause to make a loophole (d) Other combination of technologies
for secure user systems. Cryptographic Technologies: Cryptology uses the
Cookies are another web technology that can be techniques in which the plain text information is
used to hack the end users’ privacy. Cookies are converted in cipher text using various schemes and
data that are sent back and forth between the web methods that cannot be read even if the information
server and client to maintain state between Web is hacked. We used various encryption schemes,
connections. Web server uses this information to digital signatures, Hash function and digital
know about the browsing habit of the user and certificates [9].
displays these kinds of links without the permission Access Control and authentication protection:
of the user. There must be a level of information on that the user
Some Active X controls are placed on the webpage can access the information. Boundaries to the
to download the information about the system information must be defined. If there is access
configurations by downloading itself to user’s control the most of attacks are impossible. Firewall
machine and after reading its mail files send this can be used for this kind of access controls. Setting
information back to the Web server. The notorious the password to sensitive information can protect the
Computer Chaos Club out of Germany demonstrate data. Password used after the hacker cross the
the ability to download a seemingly ActiveX control Firewall or authorization but kept in authentication.
that in fact scheduled electronic transfer of funds
from the users’ account to a numbered Swiss bank
account [17].
Java Applets automatically downloaded from any
Web page and run within the user’s Web browser.
4
threat. The next step is identifying vulnerabilities.
Various tools and methods are used to find out the
weakness of network. The final step is to quantify
the value of each risk by assigns a value to each risk
[1].
Biometrics can also be used with concern to The second phase is planning. In planning, sets of
identifying a person based on his or her security policies define which threats are tolerable
physiological or behavioral characteristics. and which are not. By means of tolerable threats that
Biometrics are utilized for authentication and as a have less risk in network. This phase also have some
result, protects confidentiality and integrity [9]. steps. In first step specifies the policies. Second is
Virus protection tools: establishing processes for auditing and review [1].
Today, there are various kinds of anti-virus and Review is needed to check the effectiveness of
content-filtering software introduced in the market. policies. And last step is to make the final plan that
There are five distinct methods identified for will be implemented on network.
fighting against viruses [9]:- The third phase is the implementation of the plan.
- Signature scanning anti-virus software Technologies are chosen as defined in planning
- Integrity checking anti-virus software phase.
- Heuristic anti-virus software The last phase is monitoring. Monitoring is a
- Macro virus analyzers continual process that aides in the determination of
- Polymorphic virus analyzers which technologies are successful, which are
Other combination of Technologies: unsuccessful and need modification, whether there
Including these protection schemes, some protocols are any new threat [1].
are also used for secure the sensitive information as Conclusions:
Secure Socket Layer (SSL), SET, PGP, Secure E-Commerce is the developing trend of the
Hyper Text Transmission Protocol(S-HTTP), Secure economic development. Network payment relies on
MIME( S/MIME) etc. the establishment and completeness of electronic
7. Internet Risk Security Management: online safe trading. A secure online transaction
Business must determine the themes that are most requires a lot of security concerns. E-commerce is
valuable for them. It must be planed to put them still very much in an experimental phase. Basically
together, planned and implement the plan. Risk there are many solutions that are available for secure
management consist of four phases-assessment, Internet business but still have to wait for its best
planning, implementation and monitoring [1]. use. The basic is to prevent the messages (payment,
During the assessment phase, the organization order) when there are a lot of barriers due to broad
estimated the security risk. It contains five steps. network. This paper does not provide the efficient
First is to establish the objectives of an organization. solution for secure E-commerce but it explores the
Second is assets inventory that is to define the tools and methods that may be used to make secure,
tangible and intangible assets. Third step is to trustful and reliable online business. A safe e-
delineate threats in which we find out the origin of commerce environment made it easy to establish the
5
trust of customer. Overall E-commerce sites need to ICT-2006 PP 237-240 Feb 09-11, 2006 at
JMIT, Radaur Yamuna Nagar
be concerned with the variety of security issues
including: authentication-verifying the participants [10]. Anup K. Ghosh “E-Commerce security:
No Silver Bullet” IFIP Conference Proceedings;
that are involved in the transactions; authorization-
Vol. 142, P: 3 – 16, 1998
verifying the user has permission to specific data.
[11]. Dekker, M,(1997) The Frorlich/ Kent
Security becomes the most essential concept in E-
Encyclopedia of Telecommunications vol.15.
commerce and still have more to explore the NY p.123
security weak links.
[12]. G.W.Treese “Inernet Security: To worry
or not to worry? EDI Forum Journal of
Electronic commerce 10(4): 54-58,1997
References:
[1]. Bob Gehling, David Stankard “eCommerce [13]. C.Barnes, ET Al “Hack proofing your
Security”, Information security curriculum wireless networks” Syngress Publishing,
development Proceedings of the 2nd annual RockLand, MA,2002.
conference on Information security curriculum
development, 2005, P: 32 - 37 [14].http://www.isos.com.my/ecommerce/b2b.h
tm
[2]. P.Ratanshigham “Trust in Web-based
Commerce Security”, Information Management [15]. Anonymous (2003) Special Report.2003
and Computer Security, 1998 vol.6,no.4.p162- April 17. Computing; security; smart moves to
166. earn consumer confidence retrieved July19,
2003 from Lexis Nexis.
[3]. A.K.Gosh, ”E-Commerce security: Weak
links, Best Defenses”, John Wiley & Sons, New [16]. Zinkewiez Phil 2000, Feb19, Insurance
York NY, 1998 ISBN-0-47-1922-3-6. Advocate.Hacker Attackers Raise troubling
questions on e-commerce Security
[4]. H.Chan, E T Al “E-Commerce”, Developments.
Chichester, Wiley 2001.
[17].Klaus Brunnstein, Hostile ActiveX control
[5]. T.Colman, ET Al “Keeping E-Business in demonstrate RISK Digest 18(82), February
perspective”, Communication of ACM, 1997.
August,2002 vol.45. no.8 page 69-73.